Hospitals, charities hacked… who is next?

It happens every time. We all know about it, hear it in the news, make a mental note of addressing the issue – and then life takes over.

It happened again! The latest attack from several Indonesian hackers has been widely reported in the news.

An article in The Age on 4th Nov reported how the 524-bed Wesley Hospital in Brisbane was hacked. Was it a targeted attack? Probably. Kudos to the hospital staff: the breach was identified quickly – and fixed.

In the last week several charities, not-for-profit organisations and over 100 small businesses (yes, a private medical practice is a small business) were hacked. The response from Lisa Cheng, CEO of Children’s Tumour Foundation of Australia, is very telling: “I can’t imagine why someone would attack a small charity. I suppose we’re just an easy target.”

The attacks happened on Sunday, and it took the business a few days to recover from the incident. According to the Australian Federal Police, there is little these businesses can do. They mentioned that the AFP investigates overseas cyber-attacks only if a government agency is involved.

So why are medical practices easy targets?

Small businesses like medical practices are a prime target. They deal with sensitive information on a daily basis. The ramifications of a security breach are severe. The hackers (ransomware) can get a quick win.

However, suffice it to say that MOST private practices take the risk on a daily basis.

As we speak with specialists and surgeons on a daily basis, we identify several loopholes in their server/network security. Unfortunately, passwords and a firewall are NOT adequate security. Driving around with your medical practice on your laptop is also risky. Using Gmail and other such public email accounts is another loophole.

But we already have a firewall?

Medical practices are micro businesses: a server, a couple of computers, a laptop and a printer. Most would get an ADSL connection from their ISP, get a free router (or buy one from Harvey Norman), set up the wireless network and be off and running.

That means using a consumer-grade router with minimal security (in most cases, the default password that comes with the router) to run a medical practice that holds sensitive clinical data. Is that firewall going to be any good?

What can you do to protect yourself?

It all starts with understanding the basics. How do you want to run your practice? Where do you work, and how do you connect to your server? Who else connects to it? What applications are you going to use? Who else has access to it?

Once there is a clear understanding of the practice, then look at what systems are already in place – and the potential security gaps.

The next step is simple. Put the correct checks and measures in place to fill those gaps.

 

We implement, manage and support medical practices on a regular basis. To find out more about how we take security seriously and offer an enhanced level of security for your practice, talk to us.